This repository has been archived by the owner on Mar 2, 2022. It is now read-only.

Merge branch 'serialPatching'
Hartie95 committed Jul 30, 2015
2 parents eae05ad + 58bb7a8 commit cdffb5e
Showing 4 changed files with 27 additions and 27 deletions.
2 changes: 1 addition & 1 deletion include/menu.h
Expand Up @@ -24,7 +24,7 @@ struct menuEntry{
static const menuEntry menu[]={ {"e-shop spoof ", "Patches nim for E-Shop access ", SETTING},
{"region patch ", "Patches the home menu to show out of\nregion games and nim to ignore out of\nregion Updates", SETTING},
{"no auto download ", "Patches nim to stop automatic update\ndownload\n(Might be unstable)", SETTING},
{"serial patch", "Patches the serial to allow E-Shop \nacces after region change\n(not implemented)", PLACEHOLDER},
{"serial patch ", "Patches the serial to allow E-Shop \nacces after region change\n(not implemented)", PLACEHOLDER},
{"save", "Save current selection for later use", SAVE},
{"exit", "Exit without applying patches ", EXIT}
};
6 changes: 3 additions & 3 deletions include/patches.h
Expand Up @@ -2,14 +2,14 @@

#include <3ds.h>

int PatchPid();
/*int PatchPid();
int UnpatchPid();
void ReinitSrv();
void PatchSrvAccess();
void PatchSrvAccess();*/
int patchNimEshop();
int patchNimAutoUpdate();
int patchRegionFree();
int patchMenu();
int patchNs();
//int patchDlp();
//int changeSerial();
int changeSerial();
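Review bot: `int changeSerial();` is re-enabled here while the only call to it shown in this commit (main.cpp) stays commented out with a `//will crash` note, so the header now advertises a function the build never uses; keeping the prototype under the same comment until the call is restored keeps the two files in sync. Because this header is consumed from .cpp files the empty parentheses are a proper no-argument prototype, but if it is ever included from a C translation unit `int changeSerial(void);` is the unambiguous form. The dead `PatchPid`/`UnpatchPid`/`ReinitSrv`/`PatchSrvAccess` prototypes could be deleted instead of wrapped in `/* */` — version control already keeps their history.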
10 changes: 9 additions & 1 deletion source/main.cpp
Expand Up @@ -21,7 +21,7 @@ static const string settingsFileName="settings.cfg";

bool applyPatches(bool patchlist[]){
SaveVersionConstants();
PatchSrvAccess();
//PatchSrvAccess();
gputDrawString("srv patched", (gpuGetViewportWidth() - gputGetStringWidth("srv patched", 8)) / 2, 130, 8, 8, 0 ,0 ,0);

if(patchlist[ESHOPSPOOF]==true)
Expand All @@ -44,6 +44,14 @@ bool applyPatches(bool patchlist[]){
gputDrawString("patch applied!", (gpuGetViewportWidth() - gputGetStringWidth("patch applied!", 8)) / 2 + 50, 70, 8, 8, 0 ,0 ,0);
}
}

//will crash
/*if(patchlist[SERIALCHANGE]==true)
{
if(!KernelBackdoor(changeSerial)){
gputDrawString("patch applied!", (gpuGetViewportWidth() - gputGetStringWidth("patch applied!", 8)) / 2 + 50, 70, 8, 8, 0 ,0 ,0);
}
}*/

HB_FlushInvalidateCache(); // Just to be sure!

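Review bot: With `PatchSrvAccess();` commented out on the new side, the unconditional `gputDrawString("srv patched", ...)` on the line right after it now reports a step that never ran, so the on-screen log misleads the user about what was touched in srv. Either drop that draw call together with the patch call or guard it the same way, e.g. `//gputDrawString("srv patched", ...);`. The newly added SERIALCHANGE block carries only `//will crash` as justification; a one-line reason (whether it is the KernelBackdoor entry or the write into cfg/act that faults) would help whoever tries to re-enable it. applyPatches() begins before the first hunk and continues past the last one.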
36 changes: 14 additions & 22 deletions source/patches.cpp
Expand Up @@ -9,7 +9,7 @@
#include "kobjects.h"

//-----------------------------------------------------------------------------

/*
u32 self_pid = 0;
int PatchPid()
Expand Down Expand Up @@ -46,7 +46,7 @@ void PatchSrvAccess()
// Cleanup; won't take effect until srv is reinitialized
KernelBackdoor(UnpatchPid);
}

*/
//-----------------------------------------------------------------------------

int findAndPatchCode( const char* titleId, short titleIdSize, const u32 startAddress, const u32 area, unsigned char originalcode[], const char patchcode[],u32 patchcodeSize)
Expand Down Expand Up @@ -185,7 +185,7 @@ int patchNs()
return 0;
}
/*
Todo:
Todo: find offsets
int patchDlp()
{
// Set generell informations for patching
Expand All @@ -203,31 +203,23 @@ int patchDlp()

/*
Todo:
//doesnt work atm(crashes)
//doesnt work atm(crashes)*/
int changeSerial()
{
// Target title id
//change console Serial
static const char * title_id = "cfg";
static const u32 patch_offset = 0x0fefffd5;
static const char * titleIdCfg = "cfg";
static const u32 startAddressCfg = 0x0fefffd5;

static const char * title_id2 = "act";
static const u32 patch_offset2 = 0x0003E74C;
static const char * titleIdAct = "act";
static const u32 startAddressAct = 0x0003E74C;

static const char serial[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
//todo read from file
static unsigned char orgSerial[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
static char serial[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

KCodeSet* code_set = FindTitleCodeSet(title_id,3);
if (code_set == nullptr)
return 1;
KCodeSet* code_set2 = FindTitleCodeSet(title_id2,3);
if (code_set2 == nullptr)
return 1;
void * destination = (u64*)FindCodeOffsetKAddr(code_set, patch_offset);
void * destination2 = (u64*)FindCodeOffsetKAddr(code_set2, patch_offset2);
memcpy(destination, serial, sizeof(serial));
memcpy(destination2, serial, sizeof(serial));
findAndReplace(titleIdCfg, 3, startAddressCfg, 0x00000010, 1, orgSerial, sizeof(orgSerial), serial, sizeof(serial));
findAndReplace(titleIdAct, 3, startAddressAct, 0x00000030, 1, orgSerial, sizeof(orgSerial), serial, sizeof(serial));

return 0;
}*/
}
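Review bot: changeSerial() becomes live code in this hunk (the `*/` appended to `//doesnt work atm(crashes)*/` closes the comment that previously hid it), yet `orgSerial` and `serial` are still all-zero placeholders under a `//todo read from file` note, so a call would search the cfg and act code sets for an 11-byte run of zeros and overwrite the first hit with zeros — at best a no-op, at worst a write into an unrelated zero-filled region of a system module. Both findAndReplace() results are discarded and the function returns 0 unconditionally, so the (currently commented-out) caller `if(!KernelBackdoor(changeSerial))` would print "patch applied!" even when nothing matched; propagating the result, e.g. `if(findAndReplace(...)) return 1;`, would fix that, assuming findAndReplace follows the non-zero-on-failure convention the other patch functions here appear to use. Note also that the serial buffers shrink from 15 bytes in the removed code to 11 bytes here; if the real console serial is longer, the placeholder size and the search areas (0x10 and 0x30) need to follow it. patchDlp() and the helpers above remain inside comments that open outside this hunk.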

15 comments on commit cdffb5e

@Syphurith

Hi @hartmannaf I've got something to request for. The private update server is out on 4dsdev.
It should be possible to make an auto patcher for nim update URLs. The URLs can be easily located in the nim:0x100000+ region, and always start with https and contain /services/. If you can adjust it to ?hax you can also make it launch the MSET, and then you can update the console — yeah, or "update"..
Sorry if I spoiled your issue tracker as chat log. Good luck with your own projects! Bye.

@Hartie95
Owner Author


@Syphurith

@hartmannaf Well since the private server url differs, maybe you can just read it from a text file.

@Hartie95
Owner Author


OK, then it needs to be an extra menu entry, but for autobooting the systemsettings after patching it should be better anyway.
I also opened an issue: #11

@Syphurith

@hartmannaf and if there is any 3dsx that running with (whatever)hax 2.x can patch it and launch mset would be super easy. However i don't know if this can be done on a 9.3+ OFW.

@Hartie95
Owner Author


@Syphurith if we get the memory region, it could maybe be possible if its in the range of gspwn on system nand.
On 9.2 and lower a 3dsx using libkhax could be possible, but would not work on Emunand.

@Syphurith

@hartmannaf Oh. According to profi200 here so it is not likely to be that easy for a cheated update..

@Hartie95
Owner Author


Yes, that may be, but it's still useful to allow people to update their emuNAND easily to 9.5 and their sysNAND to 9.2, without downloading CIAs or risking a brick because of an improperly installed firmware.
So it would still be very usefull, and maybe it will also be possible to post the txt file for the private update server on sites like GBAtemp.

@Syphurith

@hartmannaf The files needed to construct a server are all public. But hosting the files on internet and offer the link might lead to legal issues so i wrote those in order to let them build the server themselves, privately. The reason for no my server file on gbatemp, mainly dues to ronhero's working server. He does provide a paid service for n00b and said he would get it public once the $ had reached a limit. O...
However, once a spoofed package whose contents all claim to be version 32767 but are in fact a 9.2 pack is served and installed on SysNAND with SigPatch, it would permanently stop the console from updating.

@Hartie95
Owner Author


@Syphurith Yes, for the person who hosts it it will still be a legal issue, but I think it would be a lesser problem for normal users. Also I don't think it would be a problem to simply give the users the domain, but maybe I'm wrong. Would still be easier for users to update this way with something like 2.domain.com or 5.domain.com for 9.2 or 9.5 :)

@Syphurith

@hartmannaf In fact anyone can build the server themselves with proper software including PHP7+apache2 and nodejs, with the official complete package of the target version fetched using 3DNUS. It is easy to build a local server if you wish, thus avoid the legal issue cause that is not accessible from internet.
When spoofed, the TMD itself breaks, but not its contents; those CXI/CFA contents are still correctly signed, and the console doesn't check the TMD of an installed title well. That's why FBI inject works, and why profi200 said it can permanently block the official updates, even without sigpatch, once the installation with sigpatch has been done on sysNAND. This was outside my thinking before.
If those guys dare to offer a domain for thus, they are free to modify the script and free to take the risk.

@Hartie95
Owner Author


@Syphurith There will be people hosting this with the time I think, and people who want to experiment will be able to host it privat.
I will add it when I have the time to do so. It could help me to find the problem that make my fmp crash when I try to restart it after updating it.

@Syphurith

@hartmannaf It would easily crash if what you've implemented works that way. There is a reason why some software ships an updater executable alongside its main part; simply launching an updater for the job is surely easier than keeping the program in memory while updating it.
Let me explain a little more. If you've updated it, and exefs/romfs changes, but your app isn't again loaded, thus its symbol tables break - while assumed the system itself would not check something for security reason. So reasonable methods:
1.Start a updater, so your apps are seperated and you can update the updater in main after updated.
2.Prepare a constant bootstrap for your app, so you can download it, copy your inside updater to a constant memory region, load the new program, and start the constant bootstrap. Just as what FIRM does, this is implemented in some hardware products and you can regard it as a software reboot.
Indeed.. I don't see a real reason except ones of research that you want In-App-Update.

@Hartie95
Owner Author


@Syphurith I implemented it this way, because I tested it with FBI and BigBlueMenu, I installed different versions of them and started them from within their old version. It worked without a problem, but after I couldn't implement it this way, I simply close my application after a successful update. Maybe later I will create a simple Updater application, which will use a txt or json file for the target cia url, so that other applications could use it too.

@Syphurith

@hartmannaf That sounds good for other guys. Just let it download the new one from URL and install. The updator itself could be updated using other app (FMP or FBI).
Eh.. FBI itself could receive a CIA via network, and uninstall than install it again.
